Hashizume, K., Rosado, D. G., Fernandez-Medina, E.,

From Digital Culture & Society

Hashizume, K., Rosado, D. G., Fernandez-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal Of Internet Services And Applications, (1), 1. [1]

Ashley Williams

This article focuses on an analysis of security issues that arise from cloud computing. Cloud computing has been growing attention in the field of science and industry. A systemic review was preformed in order to identify the “most relevant issues in cloud computing” (Hashizume et al., 2013, p.2). The questions considered “vulnerabilities, threats, risks, requirements, and solutions of security for cloud computing” (2013, p.2). Hashizume et al. (2013) state that the main objective of cloud computing is “to provide secure, quick, convenient data storage and net computing service, with all computing resources visualized as services and delivered over the Internet” (p.1). Compliance, privacy, legal matters and security are the most significant barriers to adapt to in regards to cloud computing (2013, p.1). Most security concerns are associated with risk areas “such as external data storage, dependency on the public Internet, lack of control, multi-tenancy, and integration with internal security” (2013, p.1). The SPI model is a main focus of the article. SPI stands for SaaS, PaaS, and IaaS. The authors define a threat to cloud computing as “a potential attack that may lead to misuse of information or resources” (2013, p.2). What makes a particular system vulnerable to an attack are the “flows in a system that allows an attack to be successful” (2013, p.2)

Strengths of this paper are that the authors structured the topics with subheadings, which made it easier to follow along and organized. The definition of an SPI proved useful to the readers who do not have any prior knowledge on the technical side of cloud computing. The acronym stands for: software a service, platform as a service, and infrastructure as a service (2013, p.3). Although the further explanation of what the three services mean is a bit more complicated and confusing, the authors do their best to explain the concepts to the reader. The authors make it clear that “any attack to any cloud service layer can compromise the upper layers” and can be a source of security risk (2013, p.3). Another strength of this paper is that it uses quantitative data. Discussion on the Cloud Security Alliance (CSA) strengthens the paper because it shows the authors are contributing to a greater conversation on cloud computing and creates added depth to the paper. The CSA is a non-profit organisation that promotes the best practices to provide security in cloud computing (2013, p.7). The organisation released “a document that describes the current state of mobile computing and the top threats in this area such as information stealing mobile malware, insecure networks (WIFI), vulnerabilities found in the OS and official applications, insecure marketplaces and proximity based hacking” (2013, p.4).

A weakness of the paper is that the data is not explained to the reader in a very effective way. The data is delivered in a chart that is difficult for a reader with little to no prior knowledge of cloud computing to understand. Part of the article discusses the Internet conglomerate Amazon, as offering “a public image repository where legitimate users can download or upload a VM image” (2013, p.6) without elaborating on what exactly a VM image is. This part in the article is interesting because they are using areal life example to illustrate the security issues that can arise from cloud computing. The issue with the amazon example is that “malicious users can store images containing malicious code into public repositories comprising other users or even the cloud system” (2013, p.6). This real life example was very interesting and the paper would have benefited from including more examples like the Amazon case.